Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 34501 invoked by uid 500); 20 Oct 2002 19:41:25 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 34480 invoked from network); 20 Oct 2002 19:41:20 -0000 Received: from shawidc-mo1.cg.shawcable.net (HELO pd3mo1so.prod.shaw.ca) (24.71.223.10) by daedalus.apache.org with SMTP; 20 Oct 2002 19:41:20 -0000 Received: from pd5mr3so.prod.shaw.ca (pd5mr3so-qfe3.prod.shaw.ca [10.0.141.144]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H4A00GMLPBNR0@l-daemon> for users@httpd.apache.org; Sun, 20 Oct 2002 13:40:35 -0600 (MDT) Received: from pn2ml10so.prod.shaw.ca (pn2ml10so-qfe0.prod.shaw.ca [10.0.121.80]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H4A00038PBNKA@l-daemon> for users@httpd.apache.org; Sun, 20 Oct 2002 13:40:35 -0600 (MDT) Received: from shaw.ca (h24-78-72-182.vc.shawcable.net [24.78.72.182]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H4A008VTPBM1V@l-daemon> for users@httpd.apache.org; Sun, 20 Oct 2002 13:40:35 -0600 (MDT) Date: Sun, 20 Oct 2002 12:43:02 -0700 From: "J. Greenlees" To: users@httpd.apache.org Message-id: <3DB30746.7060900@shaw.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 References: X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Re: access log -- GET /scripts/..%%35%63../winnt/system32 actually, if you check the agreement with your isp, you will find a line that requires you to clean viruses out of your system, report the offending ip to their isp, they will have to clean it out. (I send 10 mb of access log to my isp, since a lot of their clients had both codered and nimda, they thanked me and the number of these hits has dropped drastically) Lee Grey wrote: > On the other hand, given the fact that so many users have dynamic IP > addresses, you are really blocking a number that can't be guaranteed to > match the machine it came from at that moment. The next day or two weeks > later, you are probably still vulnerable to the same "attack" from the same > infected machine, while having blocked access to your site by whatever > innocent machine currently has that IP address. > > Just a thought. > > Best wishes, > Lee Grey > Grey Matter > http://www.URLinOne.com > > -----Original Message----- > From: Jeff Beard [mailto:jeff@cyberxape.com] > Sent: Sunday, October 20, 2002 2:24 PM > To: users@httpd.apache.org > Subject: Re: [users@httpd] Re: access log -- GET > /scripts/..%%35%63../winnt/system32 > > > > > PeterKorman wrote: > [...] > > >>So my question is this: It this sledgehammer I'm using likely to hurt me? > > > No but neither is the worm. > > --Jeff > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org